envoyproxy/envoy

Modernize TLS defaults

Open

#5 401 ouverte le 22 déc. 2018

Voir sur GitHub
 (21 commentaires) (0 réactions) (0 assignés)C++ (5 373 forks)batch import
area/tlshelp wanted

Métriques du dépôt

Stars
 (27 997 stars)
Métriques de merge PR
 (Merge moyen 8j) (378 PRs mergées en 30 j)

Description

Tracking bug for modernization of the TLS defaults, which will span multiple releases:

  • - #5392 - split client/server defaults (1.10)
  • - #5459 - enable TLS 1.3 on the server-side (1.10)
  • - enable TLS 1.3 0-RTT / early data on the server-side (???)
  • - #9300 - enable TLS 1.3 on the client-side (???)
  • - enable TLS 1.3 0-RTT / early data on the client-side (???)
  • - #5395 - remove TLS 1.0 and 1.1 from the defaults on the client-side (1.13)
  • - #5396 - remove RSA key transport from the defaults on the client-side (1.17)
  • - #5397 - remove SHA-1 cipher suites from the defaults on the client-side (1.17)
  • - #5398 - remove TLS 1.0 and 1.1 from the defaults on the server-side (1.18)
  • - #5399 - remove RSA key transport from the defaults on the server-side (1.18)
  • - #5400 - remove SHA-1 cipher suites from the defaults on the server-side (1.18)

Deprecations on the client-side are pretty safe, because virtually all servers are using modern TLS stack (thanks to Heartbleed et al), but I suggest staging changes over multiple releases anyway to avoid changing too many things at once, and to allow people in the community to scream if any of those changes are going to break them, before they happen.

Deprecations on the server-side are slightly more dangerous, because of the sheer amount of outdated clients and devices. Namely, Android didn't have TLS 1.2 enabled by default until Android 5.0 (Lollipop), and older devices still account for ~5% of traffic, which is a bit too high to break by default, IMHO.

Guide contributeur